All the vulnerabilites related to ibm - web_content_manager
cve-2010-4806
Vulnerability from cvelistv5
Published
2011-05-26 16:00
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg24029452 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM26755",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-05-26T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "PM26755",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM26755",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029452",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4806",
"datePublished": "2011-05-26T16:00:00Z",
"dateReserved": "2011-05-26T00:00:00Z",
"dateUpdated": "2024-09-16T23:15:34.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4807
Vulnerability from cvelistv5
Published
2011-05-26 16:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg24029452 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "PM36141",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-05-26T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "PM36141",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029452",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "PM36141",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4807",
"datePublished": "2011-05-26T16:00:00Z",
"dateReserved": "2011-05-26T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:15.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2901
Vulnerability from cvelistv5
Published
2016-06-26 01:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1036143 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21983974 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI62594",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-25T16:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI62594",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI62594",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036143"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2901",
"datePublished": "2016-06-26T01:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2754
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/45106 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ibm.com/support/docview.wss?uid=swg21503959 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45106"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21503959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2754",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-07-17T00:00:00Z",
"dateUpdated": "2024-09-16T18:38:36.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | web_content_manager | * | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3338B4C9-9AB9-4EDD-B609-CC50A75BFB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en\r\nPageBuilder2 (Page Builder aka) en IBM WebSphere Portal v7.0.0.1 7.x antes de CF006, como el usado en IBM Content Manager Web (WCM) y otros productos, permite a atacantes remotos inyectar arbitrariamente web script o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-2754",
"lastModified": "2024-11-21T01:28:54.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-07-17T20:55:01.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45106"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-26 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | web_content_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3338B4C9-9AB9-4EDD-B609-CC50A75BFB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en la aplicaci\u00f3n PA_Theme_Creator en IBM WebSphere Portal 8.5 CF08 hasta la versi\u00f3n CF10 y Web Content Manager permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones que inserten secuencias XSS."
}
],
"id": "CVE-2016-2901",
"lastModified": "2024-11-21T02:49:00.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-26T01:59:02.677",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036143"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-26 16:55
Modified
2024-11-21 01:21
Severity ?
Summary
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | web_content_manager | 6.1.5 | |
| ibm | web_content_manager | 7.0.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "43503889-AAE4-4B57-9CA1-8F53644E11FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:7.0.01:cf002:*:*:*:*:*:*",
"matchCriteriaId": "596CA731-BAA5-4A4D-A54A-FA1070A33028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges."
},
{
"lang": "es",
"value": "La herramienta de de creaci\u00f3n en IBM Web Content Manager (WCM) v6.1.5, v7.0.0.1 y anteriore a CF003, permite a usuarios remotos autenticados a eludir las restricciones de acceso previsto en la creaci\u00f3n de proyectos mediante el aprovechamiento de ciertos privilegios de editor de recursos."
}
],
"id": "CVE-2010-4806",
"lastModified": "2024-11-21T01:21:49.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-26T16:55:04.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-26 16:55
Modified
2024-11-21 01:21
Severity ?
Summary
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | web_content_manager | 7.0.0.1 | |
| ibm | web_content_manager | 7.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9800D8-2FD9-4579-9B76-6551E7A357F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "AD73F4BB-96FA-42EF-9CEF-6AC6DC014E91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en IBM Content Manager Web (WCM) v7.0.0.1 anterior a CF003 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consulta recursiva infinita) a trav\u00e9s de vectores no especificados, relacionados con una excepci\u00f3n StackOverflowError."
}
],
"id": "CVE-2010-4807",
"lastModified": "2024-11-21T01:21:49.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-26T16:55:04.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}